EFF and Allies Push FTC to Reject X's Petition to Escape Privacy Oversight
Key Takeaways
- ▸X Corp filed an FTC petition to eliminate or modify a 2022 consent decree requiring privacy and security reporting through 2042, originally resulting from misleading users about data use for targeted ads
- ▸EFF and allied organizations argue the petition should be rejected, contending that corporate restructuring and new leadership are insufficient grounds to terminate binding FTC orders
- ▸Recent violations—including Grok AI integration without consent and a 2025 data breach—undermine X's claims of fundamental privacy reform
Summary
X Corp filed a petition with the Federal Trade Commission seeking to set aside or modify a 2022 consent decree that requires the company to regularly report on its privacy and data security practices. The decree, which carries a $150 million fine, stemmed from X's violation of user privacy by repurposing personal information—including phone numbers and email addresses—for targeted advertising without proper disclosure to its 140 million users.
The Electronic Frontier Foundation, joined by Demand Progress Education Fund, National Consumers League, and the Electronic Privacy Information Center, has called on the FTC to reject X's petition. X argues that corporate restructuring, new leadership, and a revamped privacy program justify terminating the order, which extends compliance obligations to 2042. The company further contends that ongoing FTC oversight hinders its ability to compete in artificial intelligence development.
Civil society groups counter that corporate personnel changes do not dissolve FTC obligations binding the corporate entity itself. They point to recent violations contradicting X's claims of reformed practices, including the integration of its Grok AI model trained on user data without meaningful consent and a major data breach in 2025. Critics also note that X's compliance costs represent a negligible burden relative to the company's $200 billion valuation.
The dispute highlights broader tensions between regulatory oversight and AI innovation, with advocates warning that removing safeguards would expose users to heightened risks from AI systems trained on personal data—particularly given techniques like prompt injection that can extract training data from language models.
- X argues FTC compliance diverts engineering resources from AI innovation; critics counter that guardrails are essential precisely because AI systems trained on user data pose novel privacy risks
- The $150 million fine and compliance costs represent minimal expense relative to X's valuation, undercutting arguments that oversight places undue financial burden



